Wouldn't this apply to any Ajax functions in any JS framework? Rey, how do you suppose they are billing this as a potential security hole for unauthorized access? I just don't see it. I was really hoping Chris would contact me.
On Jan 14, 4:51 pm, Rey Bango <r...@reybango.com> wrote: > Hey Chris, > > I understand. Unfortunately, without more details, it's going to be > very hard for us to help. If you can get us more info, we're here to > listen and help. > > Rey...On Thu, Jan 14, 2010 at 4:45 PM, ChrisM <manni...@gmail.com> wrote: > > Rey, thanks for getting back to me. The issues were flagged as cross- > > site scripting, saying a call to getScript, getJSON etc. leaves the > > door open for unauthorized requests. > > > Even though we are sure that we could use this safely in an > > application, we are at the mercy of the scan results. Sorry that I > > can't share more information. > > > Thanks, > > Chris